[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Nmh-workers] Vulnerability advisory for MIME software
|
From: |
Earl Hood |
|
Subject: |
[Nmh-workers] Vulnerability advisory for MIME software |
|
Date: |
Tue, 14 Sep 2004 13:13:06 -0500 |
The NISCC has posted an advisory mentioning security problems with
MIME-aware software. The advisories were also posted by Corsaire
to the VulnWatch mailing list.
The advisory mentions that various vendors used a MIME test suite
from NISCC to evaluate their products. Unfortunately, NISCC does
not make such test suite publicly available (a personal response
to my inquiry is attached below), but projects like mozilla apparently
have evaluated their software with the test suite.
My bet is that no one involved with nmh has seen the test suite to
see if nmh is open to any of the problems the advisory discusses (note,
the advisory is vague on specific vulnerabilities).
I maintain software package that does MIME processing, so I can
pursue obtaining the test suite for my package and see if it is
worth having nmh have access to the test also; assuming there is
interest among nmh developers and users.
--- Begin Message ---
|
Subject: |
Fwd: NISCC Vulnerability Advisory 380375/MIME |
|
Date: |
Tue, 14 Sep 2004 11:55:42 +0100 |
Hi,
NISCC has a policy of only releasing test tools to recognized developers of the protocol in questions. If you meet this requirement we use a non-legally binding framework agreement as a measure of sharing sensitive information. Please supply further details.
Best Regards
Cameron
From: Earl Hood <address@hidden>
Date: 14 September 2004 07:34:11 BST
To: address@hidden
Subject: Re: NISCC Vulnerability Advisory 380375/MIME
Reply-To: Earl Hood <address@hidden>
NISCC,
Your advisory mentions the existence of a MIME test suite, which
some vendors have used to evaluate their products. Unfortunately,
your advisory does not provide a link of the test suite so
authors of MIME-aware software are able to evaluate their products.
Is your test suite publicly available?
Thanks,
--ewh
--
Earl Hood, <address@hidden>
Web: <http://www.earlhood.com/>
PGP Public Key: <http://www.earlhood.com/gpgpubkey.txt>
Cameron
Team Leader, Management & Disclosure
NISCC Vulnerability Team
tel:+44-20-7821-1330 x4520
mb: +44-7795 390286
fax:+44-20-7821-1686
mailto:address@hidden
http://www.niscc.gov.uk/
National Infrastructure Security Coordination Centre (NISCC):
Protecting the Critical National Infrastructure from Electronic Attack
This email and any files transmitted with it are private and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please return it to the address it came from telling them it is not for you and then delete it from your system. This email message has been swept for computer viruses.
Cameron
Team Leader, Management & Disclosure
NISCC Vulnerability Team
tel:+44-20-7821-1330 x4520
mb: +44-7795 390286
fax:+44-20-7821-1686
mailto:address@hidden
http://www.niscc.gov.uk/
National Infrastructure Security Coordination Centre (NISCC):
Protecting the Critical National Infrastructure from Electronic Attack
This email and any files transmitted with it are private and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please return it to the address it came from telling them it is not for you and then delete it from your system. This email message has been swept for computer viruses.
--- End Message ---
- [Nmh-workers] Vulnerability advisory for MIME software,
Earl Hood <=